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Top Stories 

• A Romanian citizen in Florida pleaded guilty October 1 in connection to an ATM scheme 
where criminals installed skimming devices and made multiple illegal withdrawals at 
SunTrust bank branches from 2013 - 2015. - South Florida Sun Sentinel (See item 5) 

• A California resident was accused October 1 of operating a worldwide pyramid scheme 
that raised over $32 million by misleading investors about a non-existent initial public 
offering for USFIA Inc. - U.S. Securities and Exchange Commission (See item 6) 

• An alleged shooter was killed by police after the suspect killed 9 students and injured at 
least 10 others at Umpqua Community College in Oregon October 1. - Washington Post 
(See item 12) 

• T-Mobile announced October 1 that the personal information of 15 million customers was 
compromised after a third-party vendor was hacked between September 2013 and 
September 2015. - Softpedia (See item 20) 
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Energy Sector 



1. October 2, Associated Press - (Hawaii) Hawaii, EPA and Navy agree to plan to 
address tank leaks. The U.S. Navy finalized a deal with the U.S. Environmental 
Protection Agency and the Hawaii State Department of Health October 1 to increase 
protective measures to prevent and detect leaks from 20 giant fuel storage tanks near 
Pearl Harbor that are built into the side of a mountain atop an aquifer vital to 
Honolulu’s water supply. The agreement includes studying options for upgrading the 
tanks, which are used to fuel U.S. military ships and aircrafts, among other 
requirements. 

Source: 

http://www.salon.com/2015/10/02/hawaii epa and navy agree to plan to address ta 
nk leaks/ 

2. October 2, U.S. Environmental Protection Agency - (Delaware) EPA, Delaware City 
Refining Company settle environmental violations. The U.S. Environmental 
Protection Agency announced October 1 that Delaware City Refining Company will 
pay a $73,113 penalty to resolve alleged violations of Federal environmental 
regulations when the company failed to immediately notify State and local authorities 
and the National Response Center following the reported release of 14 pounds of 
benzene in September 2014, and another release of butadiene and hydrogen sulfide in 
February. 

Source: 

http://vosemite.epa.gOv/opa/admpress.nsf/0/cc9fffa5551e62f385257edl004fdlde 

3. October 1, Associated Press - (Arkansas) US pipeline agency fines Exxon subsidiary 
$2.6 million. The Pipeline and Hazardous Materials Safety Administration announced 
October 1 that it determined that ExxonMobil Pipeline Co., violated regulations 
regarding the maintenance, integrity, and operation of its Pegasus pipeline, and that 
time intensified the defects in the pipe following the agency’s final report on the March 
2013 Pegasus pipeline spill of 3,190 barrels of oil near Mayflower and Lake Conway in 
Arkansas. The northern portion of the pipeline remains closed and Federal regulators 
issued the company a $2.6 million civil penalty. 

Source: http://abcnews.go.com/US/wireStorv/us-pipeline-agencv-fines-exxon- 
subsidiary-26-million-341 88022 



Chemical Industry Sector 

4. October 1, Buffalo News - (New York) DuPont to pay $724,000 fine for 2010 fatal 
Tonawanda explosion. U.S. Environmental Protection Agency officials announced 
October 1 that DuPont will pay $724,000 to settle violations connected to a 2010 
explosion at the Yerkes chemical plant in the Town of Tonawanda, New York, which 
killed one person and injured another. The agency’s investigations determined that the 
explosion occurred when vinyl fluoride entered a process tank, and that the facility had 
multiple Clean Air Act violations in addition to hazards reported in a U.S. Chemical 
Safety Board investigation. 

Source: http://www.buffalonews.com/citv-region/town-of-tonawanda/dupont-to-pav- 
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7 24000-fine-for-20 1 0-fatal-tonawanda-explosion-20 151001 



Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 

Critical Manufacturing Sector 

See item 16 

Defense Industrial Base Sector 

Nothing to report 

Financial Services Sector 

5. October 1, South Florida Sun Sentinel - (National) South Florida ATM skimmer 
pleads guilty, apologizes. A Romanian citizen living in south Florida who was arrested 
June 1 in North Carolina pleaded guilty October 1 in connection to an ATM-skimming 
scheme in which criminals installed skimming devices and made multiple illegal 
withdrawals at SunTrust bank branches in Broward, Palm Beach, and Miami-Dade 
counties as well as banks in Tennessee, Georgia, North and South Carolina, Virginia, 
and Maryland from 2013-2015. 

Source: http://www.sun-sentinel.com/news/fl-atm-skimming-guiltv-plea-20 15 1001- 
story.html 

6. October 1, U.S. Securities and Exchange Commission - (International) SEC halts $32 
million scheme that promised riches from amber mining. The U.S. Securities and 
Exchange Commission announced October 1 charges and asset freezes against a 
California resident accused of operating a worldwide pyramid scheme via 13 
California-based entities which raised over $32 million by misleading investors about a 
non-existent initial public offering for USFIA Inc., and claims that the company owned 
several large, valuable amber mines in Argentina and the Dominican Republic. 

Source: http ://w ww . sec . gov/news/pressrelease/20 15-227 .html 

For another story, see item 20 

Transportation Systems Sector 

7. October 2, KSDK 5 St. Louis - (Illinois) Medical emergency may have caused tanker 
crash. Westbound lanes of Interstate 64 near mile maker 19 in O’Fallon were shut 
down for several hours October 1 while HAZMAT crews responded to a fatal accident 
after a semi-truck overturned, killing the driver. 

Source: http://www.ksdk.com/storv/news/traffic/2015/10/01/wb-i-64-ofallon-illinois- 
liq uid-nitro gen/7 3181218/ 

8. October 2, KPHO 5 Phoenix/KTVK 3 Phoenix - (Arizona) Cement truck bursts into 
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flames after driver exits 1-17 in Phoenix. A portion of Interstate 17 in Phoenix 
reopened October 2 after closing for 6 hours while crews cleared the scene after a semi- 
truck hauling cement caught fire October 1. No injuries were reported. 

Source: http://www.kpho.com/storv/30170577/cement-truck-bursts-into-flames-after- 
dri ver-exits-i- 1 7 -in-phoenix 

Food and Agriculture Sector 

9. October 1, U.S. Food and Drug Administration - (International) Wyandot Inc. issues 
allergy alert on undeclared milk in yellow round tortillas. Marion, Ohio-based 
Wyandot Inc., issued a recall September 30 for select packages of its Yellow Round 
Tortillas due to misbranding and potential milk contamination after a customer reported 
finding cheese curls mixed in the bag with the tortilla chips. The products were 
distributed in Ohio, Michigan, Pennsylvania, Oklahoma, Missouri, Kansas, California, 
and Canada. 

Source: http://www.fda.gov/Safety/Recalls/ucm465276.htm 

Water and Wastewater Systems Sector 

10. October 2, Associated Press - (Michigan) Public health emergency declared due to 
lead in Flint water. Michigan officials declared a public health emergency October 1 
and Genesee County commissioners recommended that people not use water in the city 
of Flint unless it is properly filtered, after test results showed high levels of lead in 
blood samples from children. Officials continue to investigate the threat and urged 
residents to use only cold water or use certified filters. 

Source: http://www.msn.com/en-us/news/us/public-health-emergencv-declared-due-to- 
lead-in-flint- water/ar-AAflozq 

11. October 2, U.S. Environmental Protection Agency - (California) U.S. EPA settles with 
East Bay MUD over hazardous waste violations. The U.S. Environmental Protection 
Agency announced a September 30 settlement with East Bay Municipal Utility District 
(EBMUD) resolving the improper management of hazardous waste at the utility’s 
Oakland wastewater treatment plant after an inspection revealed that the facility 
accepted shipments of regulated hazardous wastes without proper permits and 
mislabeled containers of hazardous waste, among other findings. The utility agreed to 
pay a $99,000 penalty. 

Source: 

http://vosemite.epa.gOv/opa/admpress.nsf/0/4EClA73D875EA05585257ED0007C6DD 

D 

For another story, see item 1 

Healthcare and Public Health Sector 

Nothing to report 
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Government Facilities Sector 



12. October 2, Washington Post - (Oregon) Oregon shooter said to have singled out 
Christians for killing in ‘horrific act of cowardice.’ An alleged shooter was killed by 
police following an exchange of gunfire after the shooter armed with 4 guns, killed 9 
students and injured at least 10 others after entering classrooms of Umpqua Community 
College in Oregon October 1. The school was evacuated and authorities continue to 
investigate the incident. 

Source: http://www.washingtonpost.com/news/morning-mix/wp/2015/10/02/oregon- 
shooter-said-to-have-singled-out-christians-for-killing-in-horrific-act-of-cowardice/ 

13. October 1, Bergen County Record - (New Jersey) N.J. justice complex to remain 
closed Friday following chemical leak. The Richard J. Hughes Justice Complex in 
New Jersey remained closed October 2 while crews continued repair work on a gas 
leak in the air-conditioning system after the building was evacuated and closed 
September 30 when the chemical refrigerant R-22 began leaking from a pipe. 

Source: http://www.northiersev.com/news/n-i-iustice-complex-to-remain-closed-friday- 
follo wing-chemical-leak- 1 . 1 423248 

14. October 1, Sacramento Bee - (California) Butte fire reported 100 percent contained. 
Crews reached full containment October 1 of the 70,868-acre Butte Fire that burned in 
Amador and Calaveras counties. The fire claimed two lives and destroyed 863 
structures. 

Source: http://www.sacbee.com/news/local/crime/article37283 181 .html 
For another story, see item 1 

Emergency Services Sector 

15. October 1, WJXX 25 Orange Park/WTLV 12 Jacksonville - (Florida) JSO: Suspects 
stole AR-15 and ammo from police vehicle. The Jacksonville Sheriff’s Office is 
searching for thieves October 1 who stole an AR-15 rifle, a ballistic vest, and dozens of 
rounds of ammunition from an unmarked Duval County Public Schools police 
department vehicle parked in a driveway in the Hamlet division between September 27 
and September 28. 

Source: http://www.firstcoastnews.com/storv/news/crime/2015/10/01/ar-15-rifle- 
bulletproof- vest-stolen-unlocked-police-vehicle/73 163008/ 

Information Technology Sector 

16. October 2, Help Net Security - (International) Unexpectedly benevolent malware 
improves security of routers, IoT devices. Security researchers from Symantec 
discovered an apparently benevolent botnet scheme targeting Internet of things (Re- 
connected devices utilizing code dubbed Wifatch that aims to protect devices from 
attacks via threat updates and removal of known malware families, among other 
features. 
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Source: http://www.net-security.org/malware news.php?id=3 120 



17. October 2, Softpedia - (International) Latest Upatre trojan version targets Windows 
XP users. Researchers from AppRiver reported a new spam-scareware campaign 
targeting Microsoft Windows XP users with ZIP archives containing the Upatre trojan, 
which primarily acts as an entry point for other infections including Dryeza, Rovnix, 
Crilock, and Zeus, and shuts down when executed on a non-Windows XP platform. 
Source: http://news.softpedia.com/news/latest-upatre-troian-version-targets-windows- 
xp-users-493401 .shtml 

18. October 2, Softpedia - (International) Stored XSS in Jetpack plugin allows attackers 
to run code in the WordPress backend. Security researchers from Sucuri discovered 
a persistent cross-site scripting (XSS) vulnerability in Automattic’s Jetpack WordPress 
plugin versions 3.7 and lower in which an attacker could run malicious code that would 
execute whenever a WordPress administrator access the Feedback section of the admin 
panel, by crafting a malicious email string that would end up in the WordPress 
database. The development team released version 3.7.1 patching the XSS bug. 

Source: http://news.softpedia.com/news/stored-xss-in-ietpack-plugin-allows-attackers- 
to-run-code-in-the-wordpress-backend-493397.shtml 

19. October 1, Softpedia - (International) HTTP denial of service vulnerability found in 
Node.js 4.x and io.js 3.x. Node reported the existence of a hypertext transfer protocol 
(HTTP) denial-of-service (DoS) vulnerability affecting recent Node.js and io.js 
platforms, and urged users to migrate back to a previous version until a fix is released. 
Source: http://news.softpedia.com/news/http-denial-of-service-vulnerability-found-in- 
node-js-4-x-and-io-js-3-x-493363.shtml 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 



Communications Sector 

20. October 1, Softpedia - (National) Experian hacked, data for 15 million T-Mobile 
customers lost. T-Mobile announced October 1 that the names, addresses, Social 
Security numbers, and birthdates of 15 million customers was compromised after 
Experian, a third-party vendor that processes the company’s credit applications, was 
hacked between September 2013 and September 2015. 

Source: http://news.softpedia.com/news/experian-hacked-data-for-15-million-t-mobile- 
customers-lost-493377.shtml 
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Commercial Facilities Sector 



21. October 1, Associated Press - (Nevada) 2 dealers, 2 friends indicted in Vegas casino 
cheating case. Two former Bellagio casino dealers and 2 co-conspirators were charged 
September 30 for allegedly participating in a scheme to siphon over $1 million off 
craps tables for 2 years using phantom bets at an upscale Las Vegas Strip resort. The 
scam involved dealers accepting late or unclear bets and paying out winnings while 
colleagues and supervisors were unaware. 

Source: http://www.islandpacket.com/entertainment/celebrities/article37198860.html 

Dams Sector 



22. September 30, Arkansas Democrat-Gazette - (Arkansas) $2.7M lined up for new 
dam. The Federal Emergency Management Agency announced September 29 that 
Bentonville will receive more than $2.7 million from the Federal Government to 
replace an unstable Lake Bella Vista dam. 

Source: http://www.arkansasonline.com/news/2015/sep/30/2-7m-lined-up-for-new- 
dam-20 150930/ 
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NTAS 



NO ACTIVE ALERTS 
wwvv.DHS.gov/alerts 



Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailvReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support@govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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